by striking 3810 days ago
Mr. Canfield's thoughts on the matter:

>> Of course, though the facts of the case are yet to be seen since no one in Germany is talking to us, I will definitely never host anything in Germany ever again

He was trusting of authorities and purposely did not use TLS (beyond STARTTLS) or encrypt his hard drives. And this is what happens. They take his hard drives immediately and seize his entire service.

How are we supposed to trust the authorities when they make themselves untrustable?

How are we, as server admins, supposed to stand down and backdoor our servers for law enforcement when this happens, when we know we can't trust them to use their powers responsibly?

Every time some big NSA exposé is unveiled, every time someone gets raided for no particular reason, I get to reaffirm my distrust of the Internet police, in whatever form they choose to take.

Policing the Internet is untenable and useless. Don't help the authorities attack your users, because oftentimes...

you're their last defense.


"Mr. Canfield" here,

I don't know if I would say I was "trusting of authorities" but I'm definitely distrusting now. I didn't bother with FDE because I figured it was more trouble than it was worth for a server that I ultimately don't own and can't control or protect against the oodles of key recovery attacks I'd have to worry about. In the event of a seizure I don't want to be like "hey uh they might have gotten everything maybe not!" so it's just not something I bothered with.

The situation is different now though, as the service is being colocated instead of hosted on a rented server, which gives me a lot more freedom in what can be done to secure the server against data theft. I'm also hosting with a privacy-conscious host (FlokiNET) I know will cooperate with me and fight bullshit government requests if/when they arrive (not saying what happened with Germany is bullshit, it's yet to be seen and I've been advised not to speculate).

Data theft aside, the service is in a more secure position than it's ever been in. There's comfort in that, at least...

I wish that the Debian installer (and other distributions) would have encryption on by default, especially if the installer asks you whether you intend to install it as a mail server. Users are entrusting their communication to the server, which means that the sane defaults should address their need for privacy and control.

Law enforcement always operates on what is easiest and cheapest. A common practice seems to have been established to raid a data center and take anything that could be valuable, and then have it put on the backlog to be sorted in the next 5 years or until the statute of limitations. By adding encryption to the situation, it's possible to change the economics so it's more economical to go through a judge and compel the service provider to provide the specific record that is being requested.

IMO, "sane defaults" are missing from pretty much every operating system out there -- both in their installers and the resulting installed system.

It all comes down to that "convenience versus security" trade-off and, for better or worse, those implementing these systems tend to lean more towards the "convenience" side. It's going to take some major changes before we start seeing systems that are "(mostly) secure by default".